Ubuntu Security Notice 1004-1 – It was discovered that Django did not properly sanitize the cookie value when applying CSRF protections resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/94752/USN-1004-1.txt
Source: https://packetstormsecurity.com/files/94752/Ubuntu-Security-Notice-1004-1.html